Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSI has very insecure Secure Boot defaults #181

Closed
dawidpotocki opened this issue Dec 11, 2022 · 70 comments
Closed

MSI has very insecure Secure Boot defaults #181

dawidpotocki opened this issue Dec 11, 2022 · 70 comments

Comments

@dawidpotocki
Copy link
Contributor

dawidpotocki commented Dec 11, 2022

Some MSI motherboards with some firmware versions by default allow
booting binaries on policy violations, thereby not providing any
additional security compared to having Secure Boot disabled. Scroll down
for a list of affected boards and their firmware versions.

To deny booting on policy violation, go to the place where your Secure
Boot settings are in your UEFI, change "Secure Boot Mode" to "Custom"
and then open "Image Execution Policy".

Some example locations:

  • Settings/Advanced/Windows OS Configuration/Secure Boot
  • Security/Secure Boot

NOTE: MSI released beta firmware for some AMD and Intel boards
and the layout looks different. Instead of "Image Execution Policy"
there is a "Secure Boot Preset" option with "Hardware/OS Compatibility"
and "Maximum Security", pick "Maximum Security".

Then change "Always Execute" to "Deny Execute" on "Removable Media" and
"Fixed Media". Optionally you can also change "Option ROM" to "Deny
Execute", read more about Option ROMs:

WARNING: DON'T USE "ALWAYS DENY" UNLESS YOU KNOW WHAT YOU ARE DOING. Use "Deny
Execute" instead.

Example UEFI firmware screenshots:

Example screenshot 1
Example screenshot 2

My blog post in English: https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
Mój post na blogu po polsku: https://dawidpotocki.com/pl/2023/01/13/msi-insecure-boot/

MSI's statement: https://www.reddit.com/r/MSI_Gaming/comments/10g9v3m/msi_statement_on_secure_boot/


Format:

  • CPU vendor:
    • Chipset:
      • Board name (release date) [build date]

Some build dates are earlier than release dates, don't ask me why.

MSI firmware shows dates in MM/DD/YYYY, I have provided them in YYYY-MM-DD.

Affected motherboards (all firmware versions):

  • AMD:
    • Every X670(E) motherboard
    • Every B650(E) motherboard
    • X570:
      • MEG X570S ACE MAX
      • MEG X570S UNIFY-X MAX
      • MPG X570S CARBON MAX WIFI / MPG X570S CARBON EK X
    • B550:
      • B550 GAMING GEN3
      • MAG B550 TOMAHAWK MAX WIFI
      • PRO B550M-P GEN3
      • PRO B550-P GEN3
      • PRO B550-VC
  • Intel:
    • Every Z790 motherboard
    • Every B760 motherboard
    • Z590:
      • MEG Z590 UNIFY-X
    • B660:
      • MAG B660M MORTAR MAX WIFI DDR4
      • PRO B660M-A CEC WIFI DDR4 V2
    • H610:
      • PRO H610M 12VO
      • PRO H610M VDHP DDR4
      • PRO H610M-E DDR4
    • H410:
      • PRO H410M-B

Affected motherboards (newer firmware versions):

  • AMD:
    • TRX40:
      • Creator TRX40: 7C59v17 (2022-05-18) [2022-05-17]
      • TRX40 PRO 10G / TRX40-A PRO: 7C60v18 (2022-05-24) [2022-05-17]
      • TRX40 PRO WIFI: 7C60v28 (2022-05-24) [2022-05-17]
    • X399:
      • MEG X399 CREATION: 7B92v146 (2022-08-11) [2022-08-11]
      • X399 GAMING PRO CARBON AC: 7B09v1D9 (2022-08-11) [2022-08-10]
      • X399 SLI PLUS: 7B09vA89 (2022-08-11) [2022-08-11]
    • X570:
      • MAG X570 TOMAHAWK WIFI: 7C84v18 (2022-01-06) [2021-12-29]
      • MAG X570S TOMAHAWK MAX WIFI: 7D54v11 (2021-12-22) [2021-12-17]
      • MAG X570S TORPEDO MAX: 7D54vA1 (2021-12-22) [2021-12-17]
      • MEG X570 ACE: 7C35v1H1 (2022-01-05) [2022-01-14]
      • MEG X570 GODLIKE: 7C34v1F (2022-01-05) [2021-12-27]
      • MEG X570 UNIFY: 7C35vAB (2021-12-23) [2021-12-22]
      • MPG X570 GAMING EDGE WIFI: 7C37v1G (2021-12-22) [2021-12-16]
      • MPG X570 GAMING PLUS: 7C37vAF (2021-12-22) [2021-12-16]
      • MPG X570 GAMING PRO CARBON WIFI: 7B93v1E (2021-12-22) [2021-12-17]
      • MPG X570S EDGE MAX WIFI: 7D53v11 (2021-12-28) [2021-12-27]
      • PRESTIGE X570 CREATION: 7C36v1F (2022-01-05) [2021-12-19]
      • X570-A PRO: 7C37vHF (2021-12-21) [2021-12-16]
    • X470:
      • X470 GAMING M7 AC: 7B77v1I1 (2022-07-15) [2022-07-19]
      • X470 GAMING PLUS: 7B79vAL1 (2022-07-04) [2022-06-24]
      • X470 GAMING PLUS MAX: 7B79vHD2 (2021-09-29) [2021-09-26]
      • X470 GAMING PRO: 7B79v1I (2022-01-28) [2022-01-26]
      • X470 GAMING PRO CARBON / X470 GAMING PRO CARBON AC: 7B78v2I1 (2022-07-15) [2022-07-16]
      • X470 GAMING PRO MAX: 7B79vMB (2021-09-29) [2021-09-28]
    • X370:
      • X370 GAMING M7 ACK: 7A35v1H2 (2022-05-10) [2022-05-12]
      • X370 GAMING PLUS: 7A33v5L2 (2022-05-10) [2022-05-12]
      • X370 GAMING PRO: 7A33v4K1 (2022-05-10) [2022-05-11]
      • X370 GAMING PRO CARBON: 7A32v1P1 (2022-05-10) [2022-05-13]
      • X370 GAMING PRO CARBON AC: 7A32v2K1 (2022-05-10) [2022-05-13]
      • X370 KRAIT GAMING: 7A33v1L2 (2022-05-10) [2022-05-10]
      • X370 SLI PLUS: 7A33v3L2 (2022-05-10) [2022-05-11]
      • X370 XPOWER GAMING TITANIUM: 7A31v1O2 (2022-05-10) [2022-05-10]
    • B550:
      • B550-A PRO: 7C56vA8 (2021-12-20) [2021-12-16]
      • B550M PRO: 7D14v26 (2022-01-05) [2021-12-22]
      • B550M PRO-DASH: 7C95v37 (2021-12-22) [2021-12-21]
      • B550M PRO-VDH / B550M PRO-VDH WIFI: 7C95v29 (2022-01-05) [2021-12-23]
      • B550M PRO-VDH WIFI (CEC): 7C95vH1 (2022-01-05) [2021-12-23]
      • B550M-A PRO: 7C96v26 (2021-12-15) [2021-12-13]
      • MAG B550 TOMAHAWK: 7C91vA8 (2021-12-20) [2021-12-16]
      • MAG B550 TORPEDO: 7C91vH5 (2021-12-20) [2021-12-16]
      • MAG B550M BAZOOKA: 7C95vA8 (2022-01-05) [2021-12-23]
      • MAG B550M MORTAR / MAG B550M MORTAR WIFI / MAG B550M MORTAR MAX WIFI: 7C94v19 (2021-12-20) [2021-12-15]
      • MAG B550M VECTOR WIFI: 7D14vB6 (2022-01-05) [2021-12-19]
      • MEG B550 UNIFY: 7D13v14 (2021-12-22) [2021-12-17]
      • MEG B550 UNIFY-X: 7D13vA4 (2021-12-23) [2021-12-17]
      • MPG B550 GAMING CARBON WIFI: 7C90v18 (2021-12-22) [2021-12-20]
      • MPG B550 GAMING EDGE WIFI: 7C91v18 (2021-12-20) [2021-12-15]
      • MPG B550 GAMING PLUS: 7C56v18 (2022-01-05) [2021-12-30]
      • MPG B550I GAMING EDGE WIFI / MPG B550I GAMING EDGE MAX WIFI: 7C92v18 (2021-12-22) [2021-12-21]
      • PRO B550M-VC WIFI: 7C95vH1 (2022-01-05) [2021-12-23]
    • B450:
      • B450 GAMING PLUS MAX: 7B86vHD3 (2021-09-29) [2021-09-28]
      • B450 GAMING PRO CARBON MAX WIFI: 7B85v283 (2021-09-29) [2021-09-28]
      • B450 MORTAR MAX: 7B89v2E3 (2021-09-29) [2021-09-28]
      • B450 TOMAHAWK: 7C02v1H8 (UNKNOWN) [2022-04-18]
      • B450 TOMAHAWK MAX: 7C02v3C (2021-09-29) [2021-09-27]
      • B450 TOMAHAWK MAX II: 7C02vH63 (2021-09-29) [2021-09-27]
      • B450-A PRO MAX: 7B86vME3 (2021-09-29) [2021-09-28]
      • B450I GAMING PLUS AC: 7A40vAF7 (UNKNOWN) [2022-03-30]
      • B450I GAMING PLUS MAX WIFI: 7A40vB62 (2021-09-29) [2021-09-27]
      • B450M BAZOOKA: 7A38vHH6 (UNKNOWN) [2022-04-13]
      • B450M BAZOOKA MAX WIFI: 7C87v17 (2021-09-29) [2021-09-27]
      • B450M BAZOOKA PLUS: 7B90v1F6 (UNKNOWN) [2022-04-21]
      • B450M BAZOOKA V2: 38vPE6 (UNKNOWN) [2022-04-13]
      • B450M MORTAR: 7B89v1I (2022-08-10) [2022-07-27]
      • B450M MORTAR TITANIUM: 7B89vAG6 (UNKNOWN) [2022-04-21]
      • B450M PRO-M2 MAX: 7B84vAE2 (2021-09-29) [2021-09-27]
      • B450M PRO-M2: 7B84v2H7 (UNKNOWN) [2022-04-11]
      • B450M PRO-M2 V2: 7B84v4E (UNKNOWN) [2022-04-11]
      • B450M PRO-VDH PLUS: 7A38v9C4 (2021-10-12) [2021-10-09]
      • B450M PRO-VDH V2: 7A38v8F6 (UNKNOWN) [2022-04-13]
      • B450M-A PRO MAX: 7C52v3D2 (2021-09-29) [2021-09-28]
    • B350:
      • B350 GAMING PLUS: 7A34vMHS (2021-11-04) [2021-11-04]
      • B350 GAMING PRO CARBON: 7B00v1JS (2021-11-02) [2021-11-01]
      • B350 KRAIT GAMING: 7B08v1IS (2021-11-02) [2021-11-01]
      • B350 PC MATE: 7A34vALS (2021-11-04) [2021-11-04]
      • B350 TOMAHAWK: 7A34v1Q2 (2021-11-04) [2021-11-04]
      • B350 TOMAHAWK ARCTIC: 7A34vHKS (2021-11-04) [2021-11-04]
      • B350 TOMAHAWK PLUS: 7B36v1ER (2021-11-02) [2021-11-01]
      • B350I PRO AC: 7A40v1E2 (2022-05-10) [2021-11-01]
      • B350M BAZOOKA: 7A38v1LR (2021-11-02) [2021-11-01]
      • B350M GAMING PRO: 7A39v2NS (2021-11-02) [2021-11-01]
      • B350M MORTAR: 7A37v1MW (2021-11-04) [2021-11-01]
      • B350M MORTAR ARCTIC: 7A37vAKT (2021-11-04) [2021-11-01]
      • B350M PRO-VD PLUS: 7B38v2GV (2021-11-04) [2021-11-04]
      • B350M PRO-VDH PLUS: 7A38vAJS (2021-11-02) [2021-11-02]
      • B350M PRO-VH PLUS: 7B07v2FV (2021-11-02) [2021-11-01]
    • A520:
      • A520M PRO: 7D14v193 (2021-09-27) [2021-09-26]
      • A520M PRO-C DASH: 7C57v173 (2021-09-27) [2021-09-26]
      • A520M PRO-VDH: 7D49v135 (2021-09-27) [2021-09-26]
      • A520M PRO-VH: 7C96vA81 (2022-08-08) [2022-08-11]
      • A520M-A PRO: 7C96v183 (2021-09-27) [2021-09-28]
      • MAG A520M BAZOOKA WIFI: 7D49vA35 (2021-09-27) [2021-09-26]
      • MAG A520M VECTOR WIFI: 7D14vA93 (2021-09-27) [2021-09-26]
    • A320:
      • A320M GRENADE: 7A39vAK2 (2022-05-10) [2022-05-11]
      • A320M PRO-VH / A320M-A PRO M2: 7C52v192 (2022-01-05) [2022-01-04]
      • A320M PRO-C: 7C58v242 (2022-05-10) [2022-05-13]
      • A320M-A PRO MAX: 7C52v411 (2022-05-10) [2022-05-10]
      • A320M-A PRO: 7C51v162 (2021-12-28) [2021-12-22]
      • A320M PRO-M2 V2: 7B84v34Z (2021-11-04) [2021-11-04]
      • A320M PRO-E: 7A36vH51 (2021-11-02) [2021-11-02]
      • A320M PRO-VD/S V2: 7A36vA63 (2022-05-10) [2022-05-14]
      • A320M PRO-M2: 7B84v191 (2022-07-19) [2022-07-19]
      • A320M PRO-VHL: 7B07v1I2 (2022-05-10) [2022-05-10]
      • A320M PRO-VD PLUS: 7B38v1I2 (2022-05-10) [2022-05-13]
      • A320M PRO-VH PLUS: 7B07v3I2A (2022-05-10) [2022-05-10]
      • A320M BAZOOKA: 7A38v2K2 (2022-05-10) [2022-05-11]
      • A320M GAMING PRO: 7A39v1M2 (2022-05-10) [2022-05-10]
      • A320M PRO-VD/S: 7A36v2L3 (2022-05-10) [2022-05-14]
  • Intel:
    • X299:
      • Creator X299: 7B96v151 (2022-03-10) [2022-09-07]
      • MEG X299 CREATION: 7C06v183 (UNKNOWN) [2022-09-07]
      • X299 GAMING M7 ACK: 7A90v1G (UNKNOWN) [2022-09-07]
      • X299 GAMING PRO CARBON / X299 GAMING PRO CARBON AC: 7A95v1H2 (UNKNOWN) [2022-09-07]
      • X299 PRO / X299 PRO 10G: 7B94v142 (UNKNOWN) [2022-09-07]
      • X299 RAIDER: 7A94v1H4 (UNKNOWN) [2022-09-07]
      • X299 SLI PLUS: 7A93v1I6 (UNKNOWN) [2022-09-08]
      • X299 TOMAHAWK / X299 TOMAHAWK AC: 7B05v1G2 (UNKNOWN) [2022-09-07]
      • X299 TOMAHAWK ARCTIC: 7B05v2G (UNKNOWN) [2022-09-07]
      • X299 XPOWER GAMING AC: 7A91v1F2 (UNKNOWN) [2022-09-08]
      • X299-A PRO / X299-S01A: 7A94vA24 (2022-03-10) [2022-09-07]
      • X299M GAMING PRO CARBON AC: 7B06v1F2 (2022-03-10) [2022-09-07]
      • X299M-A PRO: 7B40v1D2 (2022-03-10) [2022-09-07]
    • Z690:
      • MAG Z690 TOMAHAWK WIFI: 7D32vH41 (2022-05-18) [2022-05-17]
      • MAG Z690 TOMAHAWK WIFI DDR4: 7D32v142 (2022-05-18) [2022-05-18]
      • MAG Z690 TORPEDO / MAG Z690 TORPEDO EK X: 7D32vA41 (2022-05-18) [2022-05-17]
      • MAG Z690M MORTAR WIFI: 7D42vB31 (2022-05-18) [2022-05-19]
      • MEG Z690 ACE: 7D27v143 (2022-05-18) [2022-05-17]
      • MEG Z690 GODLIKE: 7D26v141 (2022-05-18) [2022-05-18]
      • MEG Z690 UNIFY: 7D28v142 (2022-05-18) [2022-05-18]
      • MEG Z690 UNIFY-X: 7D28vA42 (2022-05-18) [2022-05-18]
      • MEG Z690I UNIFY: 7D29v142 (2022-05-18) [2022-05-18]
      • MPG Z690 CARBON WIFI / MPG Z690 CARBON EK X: 7D30v144 (2022-05-18) [2022-05-17]
      • MPG Z690 EDGE WIFI: 7D31vH42 (2022-05-18) [2022-05-18]
      • MPG Z690 EDGE WIFI DDR4: 7D31v144 (2022-05-18) [2022-05-18]
      • MPG Z690 FORCE WIFI: 7D30vA42 (2022-05-18) [2022-05-17]
      • PRO Z690-A / PRO Z690-A WIFI: 7D25vA42 (2022-05-23) [2022-05-17]
      • PRO Z690-A DDR4 / PRO Z690-A WIFI DDR4: 7D25v143 (2022-05-23) [2022-05-17]
      • PRO Z690-P DDR4: 7D36vA5 (2022-05-18) [2022-05-18]
      • PRO Z690-P WIFI: 7D33v121 (2022-05-18) [2022-05-18]
    • Z590:
      • MAG Z590 TOMAHAWK WIFI: 7D08v23 (2021-09-15) [2021-09-13]
      • MAG Z590 TORPEDO: 7D08vA3 (2021-09-15) [2021-09-13]
      • MEG Z590 ACE / MEG Z590 ACE GOLD EDITION: 7D04v13 (2021-09-15) [2021-09-22]
      • MEG Z590 GODLIKE: 7D03vA3 (2021-09-15) [2021-09-22]
      • MEG Z590 UNIFY: 7D38v12 (2021-09-15) [2021-09-06]
      • MEG Z590 UNIFY-X: 7D38vA2 (2021-09-15) [2021-09-06]
      • MEG Z590I UNIFY: 7D05v13 (2021-09-13) [2021-09-08]
      • MPG Z590 GAMING CARBON WIFI / MPG Z590 CARBON EK X: 7D06v15 (2021-09-15) [2021-09-13]
      • MPG Z590 GAMING EDGE WIFI: 7D07v13 (2021-09-13) [2021-09-09]
      • MPG Z590 GAMING FORCE: 7D06vA3 (2021-09-15) [2021-09-13]
      • MPG Z590 GAMING PLUS: 7D07vA3 (2021-09-13) [2021-09-09]
      • MPG Z590M GAMING EDGE WIFI: 7D12v12 (2021-09-14) [2021-09-08]
      • Z590 PLUS: 7D11v13 (2021-09-15) [2021-09-09]
      • Z590 PRO / Z590 PRO WIFI / Z590-A PRO: 7D09v13 (2021-09-08) [2021-09-06]
      • Z590 PRO WIFI (CEC): 7D09vA3 (2021-09-09) [2021-09-06]
      • Z590M PRO: 7D18v22 (2021-09-15) [2021-09-09]
    • Z490:
      • MAG Z490 TOMAHAWK: 7C80v1A (2021-10-18) [2021-10-19]
      • MEG Z490 ACE: 7C71v1A (2021-09-13) [2021-09-30]
      • MEG Z490 GODLIKE: 7C70v1A (2021-10-18) [2021-10-21]
      • MEG Z490 UNIFY: 7C71vAA (2021-09-13) [2021-09-30]
      • MEG Z490I UNIFY: 7C77v1A (2021-10-18) [2021-10-20]
      • MPG Z490 GAMING CARBON WIFI / MPG Z490 CARBON EK X: 7C73v1A (2021-10-18) [2021-10-22]
      • MPG Z490 GAMING EDGE WIFI: 7C79v19 (2021-09-13) [2021-09-30]
      • MPG Z490 GAMING PLUS: 7C75vA9 (2021-09-13) [2021-09-30]
      • MPG Z490M GAMING EDGE WIFI: 7C76v2A (2021-09-13) [2021-09-30]
      • Z490 PLUS: 7C98v16 (2021-10-30) [2021-10-22]
      • Z490-A PRO: 7C75v2B (2021-09-13) [2021-09-30]
    • Z390:
      • MAG Z390 TOMAHAWK: 7B18v1C (2022-11-08) [2022-11-02]
      • MAG Z390M MORTAR: 7C00v1B3 (2022-10-14) [2022-10-13]
      • MEG Z390 ACE: 7B12v1B3 (2022-10-14) [2022-10-13]
      • MEG Z390 GODLIKE: 7B10v1D (2022-11-07) [2022-11-01]
      • MPG Z390 GAMING EDGE AC: 7B17vAC3 (2022-10-14) [2022-10-13]
      • MPG Z390 GAMING PLUS: 7B51v1E2 (2022-10-14) [2022-10-12]
      • MPG Z390 GAMING PRO CARBON / MPG Z390 GAMING PRO CARBON AC: 7B17v1C3 (2022-10-14) [2022-10-13]
      • MPG Z390I GAMING EDGE AC: 7C04v1B (2022-11-07) [2022-10-21]
      • MPG Z390M GAMING EDGE AC: 7B50v1C (2022-10-24) [2022-10-20]
      • Z390-A PRO: 7B98v1E (2022-11-08) [2022-10-21]
    • B660:
      • MAG B660 TOMAHAWK EVA e-PROJECT: 7D41vH31 (2022-05-23) [2022-05-23]
      • MAG B660 TOMAHAWK WIFI: 7D41vA31 (2022-05-23) [2022-05-23]
      • MAG B660 TOMAHAWK WIFI DDR4: 7D41v241 (2022-05-23) [2022-05-23]
      • MAG B660M BAZOOKA: 7D43vM21 (2022-05-23) [2022-05-21]
      • MAG B660M MORTAR / MAG B660M MORTAR WIFI: 7D42vA31 (2022-05-18) [2022-05-19]
      • MAG B660M MORTAR DDR4 / MAG B660M MORTAR WIFI DDR4: 7D42v143 (2022-05-18) [2022-05-19]
      • PRO B660-A / PRO B660M-A WIFI: 7D59vA31 (2022-05-23) [2022-05-21]
      • PRO B660-A DDR4 / PRO B660M-A WIFI DDR4: 7D59v131 (2022-05-23) [2022-05-21]
      • PRO B660M-A / PRO B660M-A WIFI: 7D43vA31 (2022-05-23) [2022-05-20]
      • PRO B660M-A CEC WIFI DDR4: 7D37v131 (2022-05-18) [2022-05-18]
      • PRO B660M-A DDR4 / PRO B660M-A WIFI DDR4: 7D43v133 (2022-05-23) [2022-05-19]
      • PRO B660M-B: 7D45vA21 (2022-05-23) [2022-05-20]
      • PRO B660M-B DDR4: 7D45v141 (2022-05-23) [2022-05-20]
      • PRO B660M-E DDR4: 7D46v231 (2022-05-18) [2022-05-18]
      • PRO B660M-G: 7D45vA21 (2022-05-23) [2022-05-20]
      • PRO B660M-G DDR4: 7D45v141 (2022-05-23) [2022-05-23]
      • PRO B660M-P DDR4 / PRO B660M-P WIFI DDR4: 7D24v221 (2022-05-18) [2022-05-18]
      • PRO B660M-VC WIFI DDR4: 7D37v131 (2022-05-18) [2022-05-18]
    • B560:
      • B560-A PRO: 7D15vH1 (2021-09-15) [2021-09-09]
      • B560M PRO: 7D20v13 (2021-09-15) [2021-09-09]
      • B560M PRO WIFI: 7D21v12 (2021-09-15) [2021-09-09]
      • B560M PRO-E: 7D22v23 (2021-09-15) [2021-09-09]
      • B560M PRO-VDH / B560M PRO-VDH WIFI: 7D18v13 (2021-09-15) [2021-09-09]
      • B560M PRO-VDH WIFI (CEC): 7D18vH1 (2021-09-15) [2021-09-09]
      • B560M-A PRO: 7D20v253 (2022-05-23) [2022-05-21]
      • MAG B560 TOMAHAWK WIFI: 7D15v23 (2021-09-15) [2021-09-09]
      • MAG B560 TORPEDO: 7D15vA3 (2021-09-15) [2021-09-09]
      • MAG B560M BAZOOKA: 7D18vA3 (2021-09-15) [2021-09-09]
      • MAG B560M MORTAR / MAG B560M MORTAR WIFI: 7D17v14 (2021-09-09) [2021-09-08]
      • MPG B560I GAMING EDGE WIFI: 7D19v13 (2021-09-10) [2021-09-09]
    • B460:
      • B460M PRO / B460M-A PRO: 7C88v17 (2021-10-18) [2021-10-22]
      • B460M PRO-VDH / B460M PRO-VDH WIFI: 7C83v15 (2021-10-30) [2021-10-26]
      • MAG B460 TOMAHAWK: 7C81v13 (2021-10-30) [2021-10-25]
      • MAG B460 TORPEDO: 7C81vA2 (2021-10-30) [2021-10-25]
      • MAG B460M BAZOOKA: 7C83vA4 (2021-10-30) [2021-10-26]
      • MAG B460M MORTAR / MAG B460M MORTAR WIFI: 7C82v15 (2021-10-18) [2021-10-19]
      • MPG B460I GAMING EDGE WIFI: 7C86v12 (2021-11-12) [2021-11-05]
    • B360:
      • B360M BAZOOKA PLUS: 7B23vHC (2022-10-28) [2022-10-24]
      • B360-A PRO / B360 GAMING ARCTIC / B360 GAMING PLUS: 7B22v2D (2022-10-24) [2022-10-21]
      • B360M PRO-VD / B360M PRO-VH: 7B53v1C (2022-11-07) [2022-10-21]
      • B360M PRO-VDH: 7B24vAC (2022-11-02) [2022-10-26]
      • B360M MORTAR: 7B23v1C (2022-10-27) [2022-10-24]
      • B360M MORTAR TITANIUM: 7B23vAC (2022-10-27) [2022-10-24]
      • B360M BAZOOKA: 7B24v2C (2022-11-02) [2022-10-26]
      • B360 GAMING PRO CARBON: 7B16v2D (2022-11-14) [2022-11-03]
      • B360M GAMING PLUS: 7B19v1B (2022-10-25) [2022-10-20]
      • B360I GAMING PRO AC: 7B31v1B (2022-11-07) [2022-10-28]
      • B360-F PRO: 7B25v1B (2022-10-24) [2022-10-20]
    • H670:
      • MAG H670 TOMAHAWK WIFI DDR4: 7D25vH4 (2022-05-23) [2022-05-23]
    • H610:
      • PRO H610M-B DDR4 / PRO H610M-G DDR4 / PRO H610M-G WIFI DDR4: 7D46v131 (2022-05-18) [2022-05-18]
      • PRO H610M-C EX: 7D56v131 (2022-05-23) [2022-05-20]
      • PRO H610M-C EX DDR4: 7D56vA11 (2022-05-23) [2022-05-23]
    • H510:
      • H510I PRO WIFI: 7D16v13 (2021-09-10) [2021-09-09]
      • H510M PRO: 7D22v16 (2021-09-15) [2021-09-09]
      • H510M PRO-E: 7D23v11 (2021-09-16) [2021-09-14]
      • H510M-A PRO: 7D22v35 (2021-09-15) [2021-09-10]
      • H510TI-S01: 7D35v11 (2022-02-10) [2022-01-20]
    • H410:
      • H410I PRO WIFI: 7C86v22 (2021-11-12) [2021-11-08]
      • H410M PRO / H410M-A PRO / H410M PRO-VH: 7C89v19 (2021-11-01) [2021-11-05]
      • H410M PRO-C: 7D01v14 (2021-10-18) [2021-11-05]
      • H410M PRO-E: 7C85v11 (2021-10-18) [2021-10-22]
    • H370:
      • H370 GAMING PLUS: 7B22v1D (2022-10-25) [2022-10-21]
      • H370 GAMING PRO CARBON: 7B16v1D (2022-11-11) [2022-11-03]
      • H370M BAZOOKA: 7B24v1C (2022-11-02) [2022-10-26]
    • H310:
      • H310-A PRO: 7B83v1B (2022-11-07) [2022-10-26]
      • H310-F PRO: 7B25v2B (2022-10-24) [2022-10-21]
      • H310I PRO: 7B80v1A (2022-11-08) [2022-10-28]
      • H310M GAMING ARCTIC: 7B28vHB (2022-10-25) [2022-10-21]
      • H310M GAMING PLUS: 7B28v1B (2022-10-25) [2022-10-21]
      • H310M PRO-D / H310M PRO-VD / H310M PRO-VH: 7B33v1D (2022-11-08) [2022-10-28]
      • H310M PRO-M2: 7B28vAC (2022-10-24) [2022-10-20]
      • H310M PRO-VDH: 7B29v1D (2022-10-14) [2022-10-12]
      • H310M PRO-VHL: 7B27v1C (2022-10-27) [2022-10-24]
      • H310M PRO-VL: 7B75v1B (2022-10-24) [2022-10-21]

Unaffected motherboards (so far):

  • AMD:
    • A320:
      • A320M PRO-VD
  • Intel:
    • Z590:
      • MPG Z590 GAMING EDGE WIFI SP
    • Every Z370 motherboard
    • H310:
      • H310M PRO-C
      • H310M PRO-D PLUS
      • H310M PRO-M2 PLUS
      • H310M PRO-VD PLUS
      • H310M PRO-VDH PLUS
      • H310M PRO-VH PLUS
      • H310M PRO-VL PLUS
      • H310M PRO-VLH PLUS

No downloadable firmware available, need volunteers

  • Intel:
    • X299:
      • MPG X299M GAMING EDGE AC
    • H610:
      • H610TI-S01
    • H510:
      • H510TI-S03
      • H510TI-S05
      • PRO H510M-E

Original issue

Title: MSI PRO Z790-A has very broken Secure Boot

Submitting as Foxboron asked me to.

Feel free to open an issue on sbctl and we can keep track of it

Chat log: https://view.matrix.org/room/!GtIfdsfQtQIgbQSxwJ:archlinux.org/?anchor=$smbsrKoEbpAzdUlEfGDSA-StHWVsoVbotfH06e3lVXs&offset=120

The board seems to accept unsigned OSes when booting with Secure Boot
enabled. Firmware version: E7E07IMS.A22 (7E07vA2).

This is how it went:

I went to firmware to enable Secure Boot and also wiped factory keys to
switch into Setup Mode. Then I checked sbctl status and noticed that
while Secure Boot was enabled, Setup Mode was disabled and Microsoft was
still enrolled.

$ sbctl status
Installed:      ✓ sbctl is installed
Owner GUID:     6e2b1be3-6ecf-41e6-a59b-a30efdfa85ba
Setup Mode:     ✓ Disabled
Secure Boot:    ✓ Enabled
Vendor Keys:    microsoft

Well that made no sense. I went back to firmware and toggled "Custom"
mode to "Standard" or something like that. Well… still booting.

Here is the output of commands that I was asked to run:

$ efi-readvar -v db
Variable db, length 3961
db: List 0, type X509
    Signature 0, size 790, owner 841d6484-c82e-4135-ac79-0bf5d26284cd
        Subject:
            CN=MSI SHIP DB
        Issuer:
            CN=MSI SHIP KEK
db: List 1, type X509
    Signature 0, size 1572, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b
        Subject:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
        Issuer:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
db: List 2, type X509
    Signature 0, size 1515, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b
        Subject:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
        Issuer:
            C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
$ efibootmgr -v
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0001
Boot0000* Linux Boot Manager    HD(1,GPT,eee220d1-aec3-45fa-adf2-596981dc70e1,0x800,0x100000)/File(\EFI\systemd\systemd-bootx64.efi)
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 d1 20 e2 ee c3 ae fa 45 ad f2 59 69 81 dc 70 e1 02 02 / 04 04 46 00 5c 00 45 00 46 00 49 00 5c 00 73 00 79 00 73 00 74 00 65 00 6d 00 64 00 5c 00 73 00 79 00 73 00 74 00 65 00 6d 00 64 00 2d 00 62 00 6f 00 6f 00 74 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
Boot0001* UEFI OS       HD(1,GPT,eee220d1-aec3-45fa-adf2-596981dc70e1,0x800,0x100000)/File(\EFI\BOOT\BOOTX64.EFI)0000424f
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 d1 20 e2 ee c3 ae fa 45 ad f2 59 69 81 dc 70 e1 02 02 / 04 04 30 00 5c 00 45 00 46 00 49 00 5c 00 42 00 4f 00 4f 00 54 00 5c 00 42 00 4f 00 4f 00 54 00 58 00 36 00 34 00 2e 00 45 00 46 00 49 00 00 00 / 7f ff 04 00
    data: 00 00 42 4f
$ sbverify --list /efi/EFI/systemd/systemd-bootx64.efi
warning: data remaining[110080 vs 121365]: gaps between PE/COFF sections?
warning: data remaining[110080 vs 121368]: gaps between PE/COFF sections?
No signature table present
$ fwupdmgr update
WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
Devices with no available firmware updates:
 • 0000:00:1f.5
 • CT2000P5PSSD8
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade UEFI dbx from 77 to 217?                                             ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This updates the dbx to the latest release from Microsoft which adds         ║
║ insecure versions of grub and shim to the list of forbidden signatures due   ║
║ to multiple discovered security updates.                                     ║
║                                                                              ║
║ Before installing the update, fwupd will check for any affected executables  ║
║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
║ with any of the forbidden signatures. If the installation fails, you will    ║
║ need to update shim and grub packages before the update can be deployed.     ║
║                                                                              ║
║ Once you have installed this dbx update, any DVD or USB installer images     ║
║ signed with the old signatures may not work correctly. You may have to       ║
║ temporarily turn off secure boot when using recovery or installation media,  ║
║ if new images have not been made available by your distribution.             ║
║                                                                              ║
╚══════════════════════════════════════════════════════════════════════════════╝

Perform operation? [Y|n]:

Later tried to sign all EFI binaries with my unenrolled keys and… it
still booted.

@medhefgo
Copy link
Contributor

What loader is \EFI\BOOT\BOOTX64.EFI and is it signed? Also, does bootctl agree on secure boot state?

MSI firmware is pretty much identical to ASUS, so these instructions should work for you: https://github.com/Foxboron/sbctl/blob/master/docs/workflow-example.md. You can even make screenshots with F12 (it should ask you for a usb stick to store them onto), which may help us figuring out if everything is set up correctly.

@Foxboron
Copy link
Owner

Foxboron commented Dec 11, 2022

@medhefgo The issue is that BOOTX64.EFI is not being booted, and it apparently boots the unsigned sd-boot binary.

I found all of this too weird to not have an issue about it.

EDIT:

Also, does bootctl agree on secure boot state?

Yes, the chat log included the bootctl output and it said SB is enabled.

@medhefgo
Copy link
Contributor

Yes, the chat log included the bootctl output and it said SB is enabled.

That chatlog is terrible and I cannot find the bootctl output. I'll take your word for it.

It seems that MSI has other boards with weird secure boot issues: memtest86plus/memtest86plus#201 (comment) (in that case always being enabled and working).

I went to firmware to enable Secure Boot and also wiped factory keys to
switch into Setup Mode. Then I checked sbctl status and noticed that
while Secure Boot was enabled, Setup Mode was disabled and Microsoft was
still enrolled.

Was this done in one step or with a save and reset in between? Does the secure boot menu explicitly state that secure boot is disabled after clearing the keys (before leaving the firmware setup)? Have you tried only deleting the PK while leaving the others keys as is?

Resetting firmware settings and/or downgrading/reflashing the firmware might be something to try…

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Dec 12, 2022

Here is a bunch of runs I just did:

Run 0

Secure Boot enabled with factory keys.

Run 0, Firmware 0
Run 0, OS 0

Run 1

Changed Secure Boot Mode to Custom and showing all keys enrolled.

Run 1, Firmware 0
Run 1, Firmware 1
Run 1, Firmware 2
Run 1, Firmware 3
Run 1, Firmware 4
Run 1, OS 0

Run 2

Disabled Secure Boot. This one is kinda interesting, cause I remember disabling SB and still OS behaving as if it still was enabled.

Run 2, Firmware 0
Run 2, Firmware 1
Run 2, OS 0

Run 3

Clearing Secure Boot keys.

Run 3, Firmware 0
Run 3, Firmware 1
Run 3, OS 0

Run 4

When checking enrolled keys, factory keys were back. This time when clearing keys I didn't just press "Yes" when clearing keys. I checked enrolled keys and noticed that there is an option to automatically enroll factory keys… oh well. I didn't notice it earlier as I was focused on keys showing that there is nothing there and popup telling me that it will put me in Setup Mode. Disabled that and it worked. My bad, but MSI should have designed their firmware better.

Run 4, Firmware 0
Run 4, Firmware 1
Run 4, Firmware 2
Run 4, Firmware 3
Run 4, OS 0

Run 5

Trying to remove just PK, it… doesn't do anything. Maybe it would be able to delete non-factory key, but idk.

Run 5, Firmware 0
Run 5, Firmware 1
Run 5, OS 0

Soon™

I will try reflashing firmware and downgrading, but not today. I tried changing some settings that I changed back to defaults to check if they caused this issue, but no. I didn't change much, mostly just memory speed, timings and fan settings.


EDIT:

What loader is \EFI\BOOT\BOOTX64.EFI and is it signed?

It's systemd-boot and it's not signed.

dawid@archlinux in ~
$ sbverify --list /efi/EFI/systemd/systemd-bootx64.efi
warning: data remaining[110592 vs 121739]: gaps between PE/COFF sections?
warning: data remaining[110592 vs 121744]: gaps between PE/COFF sections?
No signature table present
dawid@archlinux in ~
$ sbverify --list /efi/EFI/BOOT/BOOTX64.EFI
warning: data remaining[110592 vs 121739]: gaps between PE/COFF sections?
warning: data remaining[110592 vs 121744]: gaps between PE/COFF sections?
No signature table present

@medhefgo
Copy link
Contributor

Well, that is some interesting firmware…

Have you tried enrolling your own keys when in setup mode? And does that properly activate signature checking?

I have two working theories right now:

  1. The firmware might be trusting your efi binaries on a TOFU basis on first boot after clearing the keys. Easily tested by swapping out to a different build/version of sd-boot after booting once.
  2. The firmware might be thinking your boot hd is a trusted firmware volume and therefore does not enforce signatures. If that is the case it might refuse booting unsigned images from a usb stick (ideally different from the ones on the ESP).

If possible, you could also try moving the ESP to a different internal drive. I'm also wondering if it would accept efi binaries coming from a XBOOTLDR partition…

@Foxboron
Copy link
Owner

Is there a reliably way to detect motherboard versions from Linux? I'm contemplating if sbctl should have a generic "wonkey warning" if it encounters known bad motherboard+firmware versions.

@medhefgo
Copy link
Contributor

Is there a reliably way to detect motherboard versions from Linux? I'm contemplating if sbctl should have a generic "wonkey warning" if it encounters known bad motherboard+firmware versions.

DMI/SMBIOS info is the best source you're looking for (demidecode). And even that is full of "to be filled by OEM" crap that has to be filtered out. Best thing is to access it by hostnamectl (or hostnamed dbus API) as it does that for you.

@dawidpotocki
Copy link
Contributor Author

The firmware might be thinking your boot hd is a trusted firmware volume and therefore does not enforce signatures. If that is the case it might refuse booting unsigned images from a usb stick (ideally different from the ones on the ESP).

Unless RebeccaBlackOS has Secure Boot support, I think that's pretty unlikely.

@medhefgo
Copy link
Contributor

Unless RebeccaBlackOS has Secure Boot support, I think that's pretty unlikely.

The firmware not checking the signature has nothing to do with your OS. And firmwares are known to do silly things, and confusing the ESP as an internally trusted firmware volume is something I wouldn't put past them.

It would also be interesting to see if it will at least handle the blocklist correctly by trying to boot a signed shim that is on the blocklist. Which version to try is a different question though, but one from like 2 years ago or so along with the dbx update should suffice.

@dawidpotocki
Copy link
Contributor Author

The firmware not checking the signature has nothing to do with your OS.

Well, you told me boot something from a USB and I'm just saying that I did that.

It would also be interesting to see if it will at least handle the blocklist correctly by trying to boot a signed shim that is on the blocklist.

Will try later.

@medhefgo
Copy link
Contributor

Well, you told me boot something from a USB and I'm just saying that I did that.

That was a rather roundabout way of saying that.

For shim testing, make sure that the dbx update has been applied again (because it gets cleared when sb vars are reset). Then make an entry that points to the shim binary with a copy of you loader (I recommend an efi shell) named to grubx64.efi next to it. A quick test on my machine says that this one is old enough to get rejected: https://kojipkgs.fedoraproject.org//vol/fedora_koji_archive05/packages/shim/13/2/x86_64/shim-x64-13-2.x86_64.rpm

@medhefgo
Copy link
Contributor

Well, you told me boot something from a USB and I'm just saying that I did that.

Are you sure that was an UEFI boot and not CSM? Cause the iso does not have a EFI directory.

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Dec 12, 2022

Shouldn't Secure Boot decline it anyway? But okay, Arch Linux and Void
Linux iso will start GRUB, but GRUB will complain that shim lock is not
available when picking an entry and will not start the OS.

error: shim_lock protocol not found
error: you need to load kernel first

My understanding is that GRUB shouldn't even boot if Secure Boot was
working, so it's just GRUB expecting to be signed or used with a shim
and failing.

@dawidpotocki
Copy link
Contributor Author

I just tried every firmware available from MSI's website. They all have
Secure Boot broken.

https://www.msi.com/Motherboard/PRO-Z790-A-WIFI/support

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Dec 16, 2022

I found the solution and I hate it.

By default MSI sets "Always execute" on policy violation on everything, essentially making Secure Boot useless with the default settings. This shouldn't be the default. Also "Query user" is useless if user is using some type of a bootloader, as it won't accept input anymore.

image


EDIT: Maybe sbctl should warn people on MSI motherboards about this setting? It makes people have a false sense of security.

To change it you have to:

  1. Set Secure Boot Mode to "Custom"
  2. Open "Image Execution Policy"
  3. Change policies to "Deny Execute".

@medhefgo
Copy link
Contributor

EDIT: Maybe sbctl should warn people on MSI motherboards about this setting? It makes people have a false sense of security.

It should. And it's probably prudent to do so for all MSI firmware that claim to be UEFI 2.80 and not just for this board/firmware.

  1. Set Secure Boot Mode to "Custom"

Out of curiosity, what are the options for secure boot mode (I assume standard, custom and disabled)? From what I can tell, keys and execution policy can only be changed when set to custom?

These screenshots should be turned into another guide by someone (I am feeling lazy :D).

Also, I strongly suggest to keep OptionROM at always execute. Removable media should also be deny execute or malware has an easy attack vector as long as a usb drive is plugged in.

@dawidpotocki
Copy link
Contributor Author

I just asked someone with an MSI B450 TOMAHAWK MAX to check their firmware… same options by default. It looks like it isn't exclusive to my board. Though not sure when it was introduced.

MSI B450 TOMAHAWK MAX firmware

@dawidpotocki
Copy link
Contributor Author

Out of curiosity, what are the options for secure boot mode (I assume standard, custom and disabled)? From what I can tell, keys and execution policy can only be changed when set to custom?

Standard and Custom. Executing Policy can only be changed in Custom.

@medhefgo
Copy link
Contributor

What UEFI version is reported by bootctl for them?

@Foxboron
Copy link
Owner

This sounds extremely broken.

@dawidpotocki
Copy link
Contributor Author

Their output (very fun, who doesn't love some n/a?):

$ bootctl
System:
     Firmware: n/a (n/a)

$ hostnamectl
   Hardware Vendor: Micro-Star International Co., Ltd
    Hardware Model: MS-7C02
  Firmware Version: 3.F0

Btw, with Option ROM being set to Always Execute, could people then just not bother to enroll Microsoft's key?

@medhefgo
Copy link
Contributor

Their output (very fun, who doesn't love some n/a?):

They're not using sd-boot then. Can you ask them to use it just once so we can get to the UEFI version?

Btw, with Option ROM being set to Always Execute, could people then just not bother to enroll Microsoft's key?

That's my expectation, yes.

@medhefgo
Copy link
Contributor

(There's no need to create a boot entry, btw. The UEFI version is also listed when you press p in the sd-boot menu.)

@medhefgo
Copy link
Contributor

2. The firmware might be thinking your boot hd is a trusted firmware volume and therefore does not enforce signatures. If that is the case it might refuse booting unsigned images from a usb stick (ideally different from the ones on the ESP).

I just realized that one of my theories was correct. Yay me. 😹

@Foxboron
Copy link
Owner

That sounds like a terrible default though. Glad we got it documented.

@dawidpotocki
Copy link
Contributor Author

They're not using sd-boot then. Can you ask them to use it just once so we can get to the UEFI version?

Firmware: UEFI 2.70 (American Megatrends 5.17)

@medhefgo
Copy link
Contributor

So, considering that the UEFI spec version is hard to get by unless sd-boot (or sd-stub) is used, one could probably use the BIOS revision field from dmidecode for that if the board vendor is MSI as those versions seem to get incremented in tandem.

@dawidpotocki
Copy link
Contributor Author

I got more information from another user of a B450 TOMAHAWK MAX. The
affected firmware on this board is 7C02v3C from 2022-01-18. 7C02v3B
from 2021-05-25 doesn't have the "Image Execution Policy" option and
will give an image execution violation message.

The bad news is that the changelog mentions NOTHING about this change.
So it might be hard to get the list of all affected boards, but I
suspect that every firmware from 2022 onwards is affected. I found some
patterns in changelogs and firmware versions, but need confirmation.
Would need more volunteres with different boards to pin point the exact
date and firmware.

7C02v3C
Description:

  • Update to ComboAM4PIV2 1.2.0.5

Now, the output from bootctl and hostnamectl. As we can see, we can't
rely on AMI version. This isn't very surprising to me as I was able to
find Asus and MSI manuals from 2013 with "Image Execution Policy"
mentioned. So this option has been available for a long time, it just
was hidden from us.

7C02v3C

Firmware Version: 3.C0
Firmware: UEFI 2.70 (American Megatrends 5.17)

7C02v3B

Firmware Version: 3.B0
Firmware: UEFI 2.70 (American Megatrends 5.17)

I have updated the issue with a list of mobos and firmware that I
believe to be affected.

@dawidpotocki dawidpotocki changed the title MSI PRO Z790-A has very broken Secure Boot MSI has very insecure Secure Boot defaults Dec 25, 2022
@josephlr
Copy link

josephlr commented Jan 4, 2023

I have a B550-A-PRO-CEC motherboard, and I can confirm that AMI BIOS version 7C56vH4 has this issue. The default image execution policy is "Always Execute" even when the Secure Boot mode is "Standard".

I would assume the B550-A-PRO BIOS version 7C56vAB also has this issue as they are just different names for the same BIOS.

The BIOS changelog has a suspicious entry:

Change the default setting of Secure Boot.

I'm wondering if that's the change which caused all these problems.

@dawidpotocki
Copy link
Contributor Author

Looks like the B550 Gaming Plus already had this fixed in recent
updates?

  • Change the default setting of Secure Boot.

No, it's still affected. This change means that they have enabled
"Secure Boot" by default.

Some vendors decide not to provide any UI sections, so "Setup" will be
missing from the name, but absolute most of them don't change the
default GUID that AMI chose for their BIOS Setup app.

Huh! Good to know. Unfortunately it's hard to find information about
this stuff if you are someone that has 0 experience with UEFI firmware.

If you care about x86 PC firmware security, buy your x86 machines from
Microsoft. They have a proven track record of caring about it.

That's a fair recommendation, though unfortunately you can't just buy a
motherboard from Microsoft. At least in New Zealand I don't even see
their desktops, only their laptops being sold.

Great work on this! Has MSI been notified and if so, have they responded?

I have tried contacting them like 5-6 times through different methods,
but they are ignoring me.

@heretical-blacksheep
Copy link

heretical-blacksheep commented Jan 17, 2023

Unfortunately that's par for the course, it seems, with MSI. I probably won't buy another board from them.

As a quick followup, I have the X570 Gaming Plus Wifi board, which, thanks to you (and I mean that, a sincere thanks!) I revisited secure boot in the firmware UI and confirmed it has the same default values even with secure boot set to "custom".

However, when I set it to "always deny" in the Image Execution menu the board will not even POST! (Blank screen, no beep codes) So apparently there's something seriously wrong somewhere with the way MSI is doing secure boot verification at least on this particular board. The only keys involved are the factory default and Linux Mint's 3rd party keys. Right now I have the battery out of the board and waiting for cap discharge before I attempt to power it on again. Bad thing is that's my main desktop. I hope the hard reset clears the problem.

If it doesn't, I'll be looking for another board from another vendor. I'll update either way in a half hour or so.

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Jan 17, 2023

Always Deny means always deny no matter if it's signed. What you want is Deny Execute.

@heretical-blacksheep
Copy link

Oops! Anyway, I managed to clear the settings, booted normally again after setting things properly this time: Custom + Deny Execute for Option, Attached, and Fixed storage. Verified that Linux Mint is booting properly and that SB was still enabled via bootctl. On top of that I did a quick download and write to a USB stick Pop!_OS which is known not to support SB and got the expected SB boot violation error when attempting to do so. I can only assume that a signed shim or kernel but without a matching key in storage will do the same as I don't have an easy way of testing that.

I don't suppose anyone knows if it's possible to change SB settings from the OS level which would make all this moot to begin with?

@RhanCandia
Copy link

RhanCandia commented Jan 18, 2023

I have MSI MAG B550M MORTAR WIFI so I had to check this one my end.

I have the latest (7C94v1D) BIOS availble from https://www.msi.com/Motherboard/MAG-B550M-MORTAR-WIFI/support
In the logs they mentioned updates on the Security Settings.

7C94v1D
2022-08-19

Description:
- Update to AGESA ComboAm4v2PI 1.2.0.7.
- Change the default setting of Secure Boot.
7C94v1C
2022-06-21

Description:
- Update to AGESA ComboAm4v2PI 1.2.0.7.
- Change the default setting of Secure Boot.

In the post above it said the on MSI MAG B550M MORTAR WIFI, the affected firmware is 7C94v19 and since the two I listed above pushed changes in the settings, I was hoping it would have fixed the issue. But I was wrong.

NOTE: I did a CMOS reset before taking these.

When I went to check Secure Boot it was set to Standard and the options for Image Execution Policy was greyed out.

MSI_SnapShot

I went to set Secure Boot to Manual and checked the values inside the Execution Policy which should be in their default states.

MSI_SnapShot_00

Despite the Changes to Secure Boot settings in the last firmware version, the default values in the Execution Policy are still set to Always Execute.

I suppose for now I can set the values to the proper expected value. But which ones should I set to Deny?
Removable Media and Fixed media probably, what about Option ROM? And what about the greyed out Internal FV? Should I be worried about that?

Unfortunately I can't afford to test older firmwares like 7C94v1B or 7C94v1C to see the changes introduced before what I have (7C94v1D).

@dawidpotocki
Copy link
Contributor Author

Unfortunately I can't afford to test older firmwares like 7C94v1B or
7C94v1C to see the changes introduced before what I have (7C94v1D).

No need to, I already did all the testing. You can see the list in the
issue.

I suppose for now I can set the values to the proper expected value.
But which ones should I set to Deny? Removable Media and Fixed media
probably, what about Option ROM?

Uh, it is mentioned in the issue:

Then change "Always Execute" to "Deny Execute" on "Removable Media"
and "Fixed Media". Optionally you can also change "Option ROM" to
"Deny Execute", read more about Option ROMs.

josephlr had also provided a link about security issues with Option ROM being
set to "Always Execute".
#181 (comment)

And what about the greyed out Internal FV? Should I be worried about
that?

Internal FV = Internal Firmware Volume, so it means the UEFI firmware itself. I
don't think it's possible to do Secure Boot on that as firmware does the
verification.

@critkitten
Copy link

If you look at X470 on official website there note this in changelog.
https://www.msi.com/Motherboard/X470-GAMING-PRO-CARBON/support

[Download](https://download.msi.com/bos_exe/mb/7B78v2I.zip)
AMI BIOS7B78v2I2022-08-059.64 MB

    Description:
    -  Update to AGESA ComboAm4v2PI 1.2.0.7.
    -  Change the default setting of Secure Boot.

With setting off you are able to install/boot archlinux or any linux without secure boot.
Which is very good default if you ask me.
If set manual on you can have windows 11 and linux with secure boot.

I don't see a problem if you ask me.
Everybody who can update uefi bios should be able to look this settings up and verify by own.

@lazy-revolution
Copy link

lazy-revolution commented Jan 18, 2023

Hi @dawidpotocki
First, thanks a lot for finding this issue and making it public. I noticed that my motherboard was listed as a vulnerable one [MSI PRO B660M - G DDR4] but the BIOS version that was listed (7D45v21) didnt match the one from the website link. The website lists only 7D45v1B as the latest one.

Anyway, I had 7D45v19 installed on my system that is older and it has the same issue. You can see in the image below that I had to update my settings manually as well. Hope this helps you update the table with the right versions.

MSI_SnapShot_00

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Jan 18, 2023

If you look at X470 on official website there note this in changelog.

This change is not relevant.

If set manual on you can have windows 11 and linux with secure boot.

Um, but that Secure Boot is doing nothing with the default settings and you can
self-sign Linux and have working Secure Boot, that's what I'm doing or you can
use a distro that works OOTB with Secure Boot like Fedora. Overall your comment
confuses me, not sure what you are trying to say.

but the BIOS version that was listed (7D45v21) didnt match the one from the
website link.

It's a beta version, it's unlisted.

but the BIOS version that was listed (7D45v21)

That's for DDR5 version.

PRO B660M-G: 7D45vA21 (2022-05-23) [2022-05-20]
PRO B660M-G DDR4: 7D45v141 (2022-05-23) [2022-05-23]

You can see that you have firmware from 2022-09-02 and the one that I listed is
from 2022-05-23. v141 is a beta for v14. And yes, MSI shows their date in
MM/DD/YYYY format, very "smart" of them.

@dawidpotocki
Copy link
Contributor Author

MSI have made a statement on their subreddit (and nowhere else):
https://www.reddit.com/r/MSI_Gaming/comments/10g9v3m/msi_statement_on_secure_boot/

@heretical-blacksheep
Copy link

Does anyone else interpret the MSI response as doubling down on their insecure defaults decision? It's only a matter of time before enterprising black hats start using BYOF (bring your own firmware) on MSI motherboards to bypass secure boot by resetting options to defaults. They're using the letter of a spec to bypass the spirit of the spec making secure boot truly useless for the vast majority of their customers (since very few will know or notice the change). If anyone really wanted to use an OS that doesn't support secure boot, they could have already just turned it the eff off. However, I'm not surprised by MSI's response based on previous experience with them.

@dawidpotocki
Copy link
Contributor Author

Does anyone else interpret the MSI response as doubling down on their
insecure defaults decision?

Tbh, have you expected anything else? They had few options:

  1. Give no statement
  2. Say that they did this on purpose and that they lowered security of
    their users to save some money on support tickets
  3. Say that they did this on purpose for the "better experience of their
    customers"
  4. Say that they did this accidentally and look like morons

It was either that or no statement.

At the very least it looks like they are going to fix their defaults, if
I'm interpreting their statement correctly.

If anyone really wanted to use an OS that doesn't support secure boot, they
could have already just turned it the eff off.

They have made this change to bypass Windows 11 requirements of having Secure
Boot enabled during install, not to make Linux users happy as this
setting actually breaks GRUB.

@CirnoT
Copy link

CirnoT commented Jan 21, 2023

@dawidpotocki You might want to consider throwing that motherboard in the trash anyway, it will NEVER work properly for Secure Boot :>

Not many people are aware of this (and even less care) but MSI motherboards that ship with this setting also ship with ME configured in Manufacturing Mode and no OEM key or manifest is present. This means that:

  1. Anyone can reconfigure it using Intel tools (though they are supposed to be NDA'd) and brick your device if they gain access to it
  2. ME will NEVER check or verify that UEFI its loading is valid and has not been tampered with, essentially breaking Boot Guard's trust of chain even earlier than Secure Boot itself.

Can you fix it yourself? No. While you can exit Manufacturing Mode yourself to at least avoid someone else making changes to Boot Guard policy, this will effectively write down open-for-everyone config into PCH's OTP memory. Installing manifest would require signing it with MSI's key and such key also needs to have Intel's blessing.

In general, trust of chain follows:

  1. On-die ME public key hash
  2. On-flash ME public key hash
  3. On-die microcode symmetric key
  4. On-die microcode public key hash
  5. On-flash microcode public key hash (for updates)
  6. On-flash ACM public key hash
  7. ACM public key inside ACM header
  8. OTP fused OEM KMSVN <-- ME in Manufacturing mode, everything below is broken
  9. OTP fused OEM root public key hash
  10. Boot Guard manifest referencing KMSVN for rollback-protection signed by OEM-root key
  11. On-flash OEM root public key in manifest file
  12. On-flash OEM model-specific public key in manifest file
  13. On-flash Boot Guard Boot Policy signed by OEM model-specific key
  14. Boot Guard region hashes in Boot Policy
  15. UEFI's PK, KEK, DB, DBX <-- this is disabled by default, everything below is broken
  16. ...

@dawidpotocki
Copy link
Contributor Author

I know that it is a case for some MSI boards, but according to fwupdmgr,
my board doesn't have manufacturing mode enabled.

@CirnoT
Copy link

CirnoT commented Jan 21, 2023

That's curious. If you are able to source CSME System Tools for v16+ you could try running MEInfo to find out for sure. You would be interested in sections "End Of Manufacturing" as well as "FW Supported FPFs", and especially SVNs and Hashes.

@dawidpotocki
Copy link
Contributor Author

Welp, tried v16 and told me that Raptor Lake is unsupported, only Alder Lake.

@Tuxilla
Copy link

Tuxilla commented Jan 22, 2023

You can see it with Fedora 37 and Fedora 38 Rawhide that the Intel Management Engine is located Manufacturing Mode.
reddit.com

@dawidpotocki
Copy link
Contributor Author

This is a different board and this info comes from fwupd.

@Foxboron
Copy link
Owner

Please keep in mind this issue is for Secure Boot issues. Manufacture mode, general other issues with MSI stuff isn't really relevant.

The issue has been linked many places at the moment, please keep it on-track :)

@orangpelupa
Copy link

Btw turning those 3 into always deny result in msi b550 gaming wifi edge cannot boot at all. Can't even go to uefi

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Jan 23, 2023

@orangpelupa Don't use Always Deny. It means that it will ALWAYS DENY, no matter if it's signed or not. You want "Deny Execute". Clear CMOS and do it properly.

@orangpelupa
Copy link

orangpelupa commented Jan 23, 2023

@orangpelupa Don't use Always Deny. It means that it will ALWAYS DENY, no matter if it's signed or not. You want "Deny Execute". Clear CMOS and do it properly.

Whoops my bad.

Btw maybe make a clear warning to the OP?

In case other people did the same mistake as me.

Corrextion, clear cmos does fix the problem.

@denali1
Copy link

denali1 commented Mar 25, 2023

MSI has released a beta firmware update for the MEG X570S UNIFY-X MAX 7D51v151. The output I got when I ran the script above was "7D51v151: Good". However, I had to take that script and modify it for Kali Linux. Since I'm a firm believer in "Trust but verify", does anyone else who is using the script get the same outcome when they run it on that firmware package?

@dawidpotocki
Copy link
Contributor Author

dawidpotocki commented Mar 26, 2023

7D51v151: Bad

Idk how you ran the script, maybe you don't have some of the tools
installed or your edits are bad.

Anyway, the script is outdated as it doesn't work for newer firmware
that has changed Secure Boot settings. They now have "Secure Boot
Preset" instead of "Image Execution Policy".

@denali1
Copy link

denali1 commented Mar 26, 2023

Well, I'm glad I asked. I was afraid it was too good to be true. Thank you for following up.

@Foxboron
Copy link
Owner

Foxboron commented May 9, 2023

If anyone following this issue wants to help Richard on the recent MSI leak please read.

https://blogs.gnome.org/hughsie/2023/05/09/msi-and-insecure-kms/

Repository owner locked and limited conversation to collaborators Jul 16, 2024
@Foxboron Foxboron converted this issue into discussion #322 Jul 16, 2024

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Labels
None yet
Projects
None yet
Development

No branches or pull requests